{"url":"http://public2.vulnerablecode.io/api/packages/86789?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.116","type":"maven","namespace":"org.apache.tomcat","name":"tomcat","version":"9.0.116","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"9.0.118","latest_non_vulnerable_version":"11.0.22","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58185?format=json","vulnerability_id":"VCID-1qsf-yxnk-fqhy","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29146.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29146.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-29146","reference_id":"","reference_type":"","scores":[{"value":"0.12919","scoring_system":"epss","scoring_elements":"0.94197","published_at":"2026-06-06T12:55:00Z"},{"value":"0.12919","scoring_system":"epss","scoring_elements":"0.94198","published_at":"2026-06-08T12:55:00Z"},{"value":"0.12919","scoring_system":"epss","scoring_elements":"0.94205","published_at":"2026-06-09T12:55:00Z"},{"value":"0.12919","scoring_system":"epss","scoring_elements":"0.94199","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-29146"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/0112ed22abfccc3d54e44d91eb08804d0886acd1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/0112ed22abfccc3d54e44d91eb08804d0886acd1"},{"reference_url":"https://github.com/apache/tomcat/commit/1fab40ccc752e22639eccfe290d5624afad7eccd","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/1fab40ccc752e22639eccfe290d5624afad7eccd"},{"reference_url":"https://github.com/apache/tomcat/commit/55f3eb9148233054fccfdf761141c6894a050be1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/55f3eb9148233054fccfdf761141c6894a050be1"},{"reference_url":"https://github.com/apache/tomcat/commit/607ebc0fa522bd9e8c05517baa2d179bbd1e659c","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/607ebc0fa522bd9e8c05517baa2d179bbd1e659c"},{"reference_url":"https://github.com/apache/tomcat/commit/6d955cceca841f2eabf2d6c46b59a8c7e1cd6eaa","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/6d955cceca841f2eabf2d6c46b59a8c7e1cd6eaa"},{"reference_url":"https://github.com/apache/tomcat/commit/776e12b3e2b0b4507b8a3b62c187ceb0b74bf418","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/776e12b3e2b0b4507b8a3b62c187ceb0b74bf418"},{"reference_url":"https://lists.apache.org/thread/lzt04z2pb3dc5tk85obn80xygw3z1p0w","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:17:02Z/"}],"url":"https://lists.apache.org/thread/lzt04z2pb3dc5tk85obn80xygw3z1p0w"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29146","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29146"},{"reference_url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53"},{"reference_url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20"},{"reference_url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116"},{"reference_url":"https://www.herodevs.com/vulnerability-directory/cve-2026-29146","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.herodevs.com/vulnerability-directory/cve-2026-29146"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/09/24","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/04/09/24"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356","reference_id":"1133356","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357","reference_id":"1133357","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457020","reference_id":"2457020","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457020"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29146","reference_id":"CVE-2026-29146","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29146"},{"reference_url":"https://github.com/advisories/GHSA-h468-7pvh-8vr8","reference_id":"GHSA-h468-7pvh-8vr8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h468-7pvh-8vr8"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20405","reference_id":"RHSA-2026:20405","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20405"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20406","reference_id":"RHSA-2026:20406","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20406"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/86783?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.117","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ym4-frda-dbbe"},{"vulnerability":"VCID-84a8-y1hg-vuep"},{"vulnerability":"VCID-j7w8-ean1-33b8"},{"vulnerability":"VCID-qjqr-axrq-xkcf"},{"vulnerability":"VCID-ud36-sb2d-8ych"},{"vulnerability":"VCID-w9nk-wv5n-2kg9"},{"vulnerability":"VCID-xtdv-ygus-xuds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.117"},{"url":"http://public2.vulnerablecode.io/api/packages/86659?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.53","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qsf-yxnk-fqhy"},{"vulnerability":"VCID-2s6w-bbfa-afb8"},{"vulnerability":"VCID-5tsf-py3f-skd9"},{"vulnerability":"VCID-nqgv-hbwa-d3en"},{"vulnerability":"VCID-z8df-aq4y-ubet"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.53"},{"url":"http://public2.vulnerablecode.io/api/packages/86654?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.54","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ym4-frda-dbbe"},{"vulnerability":"VCID-84a8-y1hg-vuep"},{"vulnerability":"VCID-j7w8-ean1-33b8"},{"vulnerability":"VCID-qjqr-axrq-xkcf"},{"vulnerability":"VCID-ud36-sb2d-8ych"},{"vulnerability":"VCID-w9nk-wv5n-2kg9"},{"vulnerability":"VCID-xtdv-ygus-xuds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.54"},{"url":"http://public2.vulnerablecode.io/api/packages/86594?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qsf-yxnk-fqhy"},{"vulnerability":"VCID-2s6w-bbfa-afb8"},{"vulnerability":"VCID-5tsf-py3f-skd9"},{"vulnerability":"VCID-nqgv-hbwa-d3en"},{"vulnerability":"VCID-z8df-aq4y-ubet"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.20"},{"url":"http://public2.vulnerablecode.io/api/packages/86589?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ym4-frda-dbbe"},{"vulnerability":"VCID-84a8-y1hg-vuep"},{"vulnerability":"VCID-j7w8-ean1-33b8"},{"vulnerability":"VCID-qjqr-axrq-xkcf"},{"vulnerability":"VCID-ud36-sb2d-8ych"},{"vulnerability":"VCID-w9nk-wv5n-2kg9"},{"vulnerability":"VCID-xtdv-ygus-xuds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.21"}],"aliases":["CVE-2026-29146","GHSA-h468-7pvh-8vr8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1qsf-yxnk-fqhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58187?format=json","vulnerability_id":"VCID-2s6w-bbfa-afb8","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34483.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34483.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34483","reference_id":"","reference_type":"","scores":[{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.21014","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20893","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20891","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20955","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.21","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34483"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/97566842589d0b80de138ca719378861fd017d68","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/97566842589d0b80de138ca719378861fd017d68"},{"reference_url":"https://github.com/apache/tomcat/commit/f22dc2ce6cfda8609ed86816c0d78e1a9cbadb06","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/f22dc2ce6cfda8609ed86816c0d78e1a9cbadb06"},{"reference_url":"https://github.com/apache/tomcat/commit/f9ddc24fcfcdfaea4a6953198d8636aca3e957bc","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/f9ddc24fcfcdfaea4a6953198d8636aca3e957bc"},{"reference_url":"https://lists.apache.org/thread/j1w7304yonlr8vo1tkb5nfs7od1y228b","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:16:32Z/"}],"url":"https://lists.apache.org/thread/j1w7304yonlr8vo1tkb5nfs7od1y228b"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34483","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34483"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/09/26","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/04/09/26"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356","reference_id":"1133356","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357","reference_id":"1133357","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457044","reference_id":"2457044","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457044"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34483","reference_id":"CVE-2026-34483","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34483"},{"reference_url":"https://github.com/advisories/GHSA-rv64-5gf8-9qq8","reference_id":"GHSA-rv64-5gf8-9qq8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rv64-5gf8-9qq8"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20405","reference_id":"RHSA-2026:20405","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20405"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20406","reference_id":"RHSA-2026:20406","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20406"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/86783?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.117","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ym4-frda-dbbe"},{"vulnerability":"VCID-84a8-y1hg-vuep"},{"vulnerability":"VCID-j7w8-ean1-33b8"},{"vulnerability":"VCID-qjqr-axrq-xkcf"},{"vulnerability":"VCID-ud36-sb2d-8ych"},{"vulnerability":"VCID-w9nk-wv5n-2kg9"},{"vulnerability":"VCID-xtdv-ygus-xuds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.117"},{"url":"http://public2.vulnerablecode.io/api/packages/86654?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.54","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ym4-frda-dbbe"},{"vulnerability":"VCID-84a8-y1hg-vuep"},{"vulnerability":"VCID-j7w8-ean1-33b8"},{"vulnerability":"VCID-qjqr-axrq-xkcf"},{"vulnerability":"VCID-ud36-sb2d-8ych"},{"vulnerability":"VCID-w9nk-wv5n-2kg9"},{"vulnerability":"VCID-xtdv-ygus-xuds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.54"},{"url":"http://public2.vulnerablecode.io/api/packages/86589?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ym4-frda-dbbe"},{"vulnerability":"VCID-84a8-y1hg-vuep"},{"vulnerability":"VCID-j7w8-ean1-33b8"},{"vulnerability":"VCID-qjqr-axrq-xkcf"},{"vulnerability":"VCID-ud36-sb2d-8ych"},{"vulnerability":"VCID-w9nk-wv5n-2kg9"},{"vulnerability":"VCID-xtdv-ygus-xuds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.21"}],"aliases":["CVE-2026-34483","GHSA-rv64-5gf8-9qq8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2s6w-bbfa-afb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58186?format=json","vulnerability_id":"VCID-5tsf-py3f-skd9","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34486.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34486.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34486","reference_id":"","reference_type":"","scores":[{"value":"0.01399","scoring_system":"epss","scoring_elements":"0.80797","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01399","scoring_system":"epss","scoring_elements":"0.80777","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01399","scoring_system":"epss","scoring_elements":"0.8078","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01889","scoring_system":"epss","scoring_elements":"0.83553","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01889","scoring_system":"epss","scoring_elements":"0.83555","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34486"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/1fab40ccc752e22639eccfe290d5624afad7eccd","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/1fab40ccc752e22639eccfe290d5624afad7eccd"},{"reference_url":"https://github.com/apache/tomcat/commit/55f3eb9148233054fccfdf761141c6894a050be1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/55f3eb9148233054fccfdf761141c6894a050be1"},{"reference_url":"https://github.com/apache/tomcat/commit/776e12b3e2b0b4507b8a3b62c187ceb0b74bf418","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/776e12b3e2b0b4507b8a3b62c187ceb0b74bf418"},{"reference_url":"https://lists.apache.org/thread/9510k5p5zdvt9pkkgtyp85mvwxo2qrly","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:20:09Z/"}],"url":"https://lists.apache.org/thread/9510k5p5zdvt9pkkgtyp85mvwxo2qrly"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34486","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34486"},{"reference_url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.54","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.54"},{"reference_url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.21","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.21"},{"reference_url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.117","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.117"},{"reference_url":"https://www.herodevs.com/vulnerability-directory/cve-2026-34486","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.herodevs.com/vulnerability-directory/cve-2026-34486"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457027","reference_id":"2457027","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457027"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34486","reference_id":"CVE-2026-34486","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34486"},{"reference_url":"https://www.vicarius.io/vsociety/posts/cve-2026-34486-detection-script-rce-on-apache-tomcat","reference_id":"CVE-2026-34486-DETECTION-SCRIPT-RCE-ON-APACHE-TOMCAT","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.vicarius.io/vsociety/posts/cve-2026-34486-detection-script-rce-on-apache-tomcat"},{"reference_url":"https://www.vicarius.io/vsociety/posts/cve-2026-34486-mitigation-script-rce-on-apache-tomcat","reference_id":"CVE-2026-34486-MITIGATION-SCRIPT-RCE-ON-APACHE-TOMCAT","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.vicarius.io/vsociety/posts/cve-2026-34486-mitigation-script-rce-on-apache-tomcat"},{"reference_url":"https://github.com/advisories/GHSA-69r9-qgr7-g2wj","reference_id":"GHSA-69r9-qgr7-g2wj","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-69r9-qgr7-g2wj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/86783?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.117","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ym4-frda-dbbe"},{"vulnerability":"VCID-84a8-y1hg-vuep"},{"vulnerability":"VCID-j7w8-ean1-33b8"},{"vulnerability":"VCID-qjqr-axrq-xkcf"},{"vulnerability":"VCID-ud36-sb2d-8ych"},{"vulnerability":"VCID-w9nk-wv5n-2kg9"},{"vulnerability":"VCID-xtdv-ygus-xuds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.117"},{"url":"http://public2.vulnerablecode.io/api/packages/86654?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.54","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ym4-frda-dbbe"},{"vulnerability":"VCID-84a8-y1hg-vuep"},{"vulnerability":"VCID-j7w8-ean1-33b8"},{"vulnerability":"VCID-qjqr-axrq-xkcf"},{"vulnerability":"VCID-ud36-sb2d-8ych"},{"vulnerability":"VCID-w9nk-wv5n-2kg9"},{"vulnerability":"VCID-xtdv-ygus-xuds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.54"},{"url":"http://public2.vulnerablecode.io/api/packages/86589?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ym4-frda-dbbe"},{"vulnerability":"VCID-84a8-y1hg-vuep"},{"vulnerability":"VCID-j7w8-ean1-33b8"},{"vulnerability":"VCID-qjqr-axrq-xkcf"},{"vulnerability":"VCID-ud36-sb2d-8ych"},{"vulnerability":"VCID-w9nk-wv5n-2kg9"},{"vulnerability":"VCID-xtdv-ygus-xuds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.21"}],"aliases":["CVE-2026-34486","GHSA-69r9-qgr7-g2wj"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5tsf-py3f-skd9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58184?format=json","vulnerability_id":"VCID-nqgv-hbwa-d3en","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34487.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34487.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34487","reference_id":"","reference_type":"","scores":[{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22253","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22151","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22139","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22194","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22241","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34487"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/301bc6efbf72feb14dacfdfa3f50372182736150","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/301bc6efbf72feb14dacfdfa3f50372182736150"},{"reference_url":"https://github.com/apache/tomcat/commit/5eff2a773b8b728083e5195b3183df1b9e12a03d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/5eff2a773b8b728083e5195b3183df1b9e12a03d"},{"reference_url":"https://github.com/apache/tomcat/commit/f593292a082e5ef9336a8db2b4b522f7f3e36976","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/f593292a082e5ef9336a8db2b4b522f7f3e36976"},{"reference_url":"https://lists.apache.org/thread/4xpkwolpkrj8v5xzp5nyovtlqp3y850h","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:47:28Z/"}],"url":"https://lists.apache.org/thread/4xpkwolpkrj8v5xzp5nyovtlqp3y850h"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34487","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34487"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/09/28","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/04/09/28"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356","reference_id":"1133356","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357","reference_id":"1133357","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457038","reference_id":"2457038","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457038"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34487","reference_id":"CVE-2026-34487","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34487"},{"reference_url":"https://github.com/advisories/GHSA-x4m4-345f-5h5g","reference_id":"GHSA-x4m4-345f-5h5g","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x4m4-345f-5h5g"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20405","reference_id":"RHSA-2026:20405","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20405"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20406","reference_id":"RHSA-2026:20406","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20406"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/86783?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.117","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ym4-frda-dbbe"},{"vulnerability":"VCID-84a8-y1hg-vuep"},{"vulnerability":"VCID-j7w8-ean1-33b8"},{"vulnerability":"VCID-qjqr-axrq-xkcf"},{"vulnerability":"VCID-ud36-sb2d-8ych"},{"vulnerability":"VCID-w9nk-wv5n-2kg9"},{"vulnerability":"VCID-xtdv-ygus-xuds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.117"},{"url":"http://public2.vulnerablecode.io/api/packages/86654?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.54","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ym4-frda-dbbe"},{"vulnerability":"VCID-84a8-y1hg-vuep"},{"vulnerability":"VCID-j7w8-ean1-33b8"},{"vulnerability":"VCID-qjqr-axrq-xkcf"},{"vulnerability":"VCID-ud36-sb2d-8ych"},{"vulnerability":"VCID-w9nk-wv5n-2kg9"},{"vulnerability":"VCID-xtdv-ygus-xuds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.54"},{"url":"http://public2.vulnerablecode.io/api/packages/86589?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ym4-frda-dbbe"},{"vulnerability":"VCID-84a8-y1hg-vuep"},{"vulnerability":"VCID-j7w8-ean1-33b8"},{"vulnerability":"VCID-qjqr-axrq-xkcf"},{"vulnerability":"VCID-ud36-sb2d-8ych"},{"vulnerability":"VCID-w9nk-wv5n-2kg9"},{"vulnerability":"VCID-xtdv-ygus-xuds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.21"}],"aliases":["CVE-2026-34487","GHSA-x4m4-345f-5h5g"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nqgv-hbwa-d3en"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58183?format=json","vulnerability_id":"VCID-z8df-aq4y-ubet","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34500.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34500.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34500","reference_id":"","reference_type":"","scores":[{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35191","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35156","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35135","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35169","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35207","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34500"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/29b56a56ce9e7d044b6162a99af0f38529b3a208","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/29b56a56ce9e7d044b6162a99af0f38529b3a208"},{"reference_url":"https://github.com/apache/tomcat/commit/c13e60e732ea6d07087293a41ad1866c20848271","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/c13e60e732ea6d07087293a41ad1866c20848271"},{"reference_url":"https://github.com/apache/tomcat/commit/ff589ab26e8250a2ca4286d986305318c033ff9f","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/ff589ab26e8250a2ca4286d986305318c033ff9f"},{"reference_url":"https://lists.apache.org/thread/7rcl4zdxryc8hy3htyfyxkbqpxjtfdl2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T14:21:50Z/"}],"url":"https://lists.apache.org/thread/7rcl4zdxryc8hy3htyfyxkbqpxjtfdl2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34500","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34500"},{"reference_url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.54","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.54"},{"reference_url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.21","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.21"},{"reference_url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.117","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.117"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/09/29","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/04/09/29"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356","reference_id":"1133356","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357","reference_id":"1133357","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457043","reference_id":"2457043","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457043"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34500","reference_id":"CVE-2026-34500","reference_type":"","scores":[{"value":"Moderate","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34500"},{"reference_url":"https://github.com/advisories/GHSA-24j9-x2wg-9qv6","reference_id":"GHSA-24j9-x2wg-9qv6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-24j9-x2wg-9qv6"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20405","reference_id":"RHSA-2026:20405","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20405"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20406","reference_id":"RHSA-2026:20406","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20406"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/86783?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.117","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ym4-frda-dbbe"},{"vulnerability":"VCID-84a8-y1hg-vuep"},{"vulnerability":"VCID-j7w8-ean1-33b8"},{"vulnerability":"VCID-qjqr-axrq-xkcf"},{"vulnerability":"VCID-ud36-sb2d-8ych"},{"vulnerability":"VCID-w9nk-wv5n-2kg9"},{"vulnerability":"VCID-xtdv-ygus-xuds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.117"},{"url":"http://public2.vulnerablecode.io/api/packages/86654?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.54","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ym4-frda-dbbe"},{"vulnerability":"VCID-84a8-y1hg-vuep"},{"vulnerability":"VCID-j7w8-ean1-33b8"},{"vulnerability":"VCID-qjqr-axrq-xkcf"},{"vulnerability":"VCID-ud36-sb2d-8ych"},{"vulnerability":"VCID-w9nk-wv5n-2kg9"},{"vulnerability":"VCID-xtdv-ygus-xuds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.54"},{"url":"http://public2.vulnerablecode.io/api/packages/86589?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ym4-frda-dbbe"},{"vulnerability":"VCID-84a8-y1hg-vuep"},{"vulnerability":"VCID-j7w8-ean1-33b8"},{"vulnerability":"VCID-qjqr-axrq-xkcf"},{"vulnerability":"VCID-ud36-sb2d-8ych"},{"vulnerability":"VCID-w9nk-wv5n-2kg9"},{"vulnerability":"VCID-xtdv-ygus-xuds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.21"}],"aliases":["CVE-2026-34500","GHSA-24j9-x2wg-9qv6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z8df-aq4y-ubet"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58185?format=json","vulnerability_id":"VCID-1qsf-yxnk-fqhy","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29146.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29146.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-29146","reference_id":"","reference_type":"","scores":[{"value":"0.12919","scoring_system":"epss","scoring_elements":"0.94197","published_at":"2026-06-06T12:55:00Z"},{"value":"0.12919","scoring_system":"epss","scoring_elements":"0.94198","published_at":"2026-06-08T12:55:00Z"},{"value":"0.12919","scoring_system":"epss","scoring_elements":"0.94205","published_at":"2026-06-09T12:55:00Z"},{"value":"0.12919","scoring_system":"epss","scoring_elements":"0.94199","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-29146"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/0112ed22abfccc3d54e44d91eb08804d0886acd1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/0112ed22abfccc3d54e44d91eb08804d0886acd1"},{"reference_url":"https://github.com/apache/tomcat/commit/1fab40ccc752e22639eccfe290d5624afad7eccd","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/1fab40ccc752e22639eccfe290d5624afad7eccd"},{"reference_url":"https://github.com/apache/tomcat/commit/55f3eb9148233054fccfdf761141c6894a050be1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/55f3eb9148233054fccfdf761141c6894a050be1"},{"reference_url":"https://github.com/apache/tomcat/commit/607ebc0fa522bd9e8c05517baa2d179bbd1e659c","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/607ebc0fa522bd9e8c05517baa2d179bbd1e659c"},{"reference_url":"https://github.com/apache/tomcat/commit/6d955cceca841f2eabf2d6c46b59a8c7e1cd6eaa","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/6d955cceca841f2eabf2d6c46b59a8c7e1cd6eaa"},{"reference_url":"https://github.com/apache/tomcat/commit/776e12b3e2b0b4507b8a3b62c187ceb0b74bf418","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/776e12b3e2b0b4507b8a3b62c187ceb0b74bf418"},{"reference_url":"https://lists.apache.org/thread/lzt04z2pb3dc5tk85obn80xygw3z1p0w","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:17:02Z/"}],"url":"https://lists.apache.org/thread/lzt04z2pb3dc5tk85obn80xygw3z1p0w"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29146","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29146"},{"reference_url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53"},{"reference_url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20"},{"reference_url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116"},{"reference_url":"https://www.herodevs.com/vulnerability-directory/cve-2026-29146","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.herodevs.com/vulnerability-directory/cve-2026-29146"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/09/24","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/04/09/24"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356","reference_id":"1133356","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357","reference_id":"1133357","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457020","reference_id":"2457020","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457020"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29146","reference_id":"CVE-2026-29146","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29146"},{"reference_url":"https://github.com/advisories/GHSA-h468-7pvh-8vr8","reference_id":"GHSA-h468-7pvh-8vr8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h468-7pvh-8vr8"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20405","reference_id":"RHSA-2026:20405","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20405"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20406","reference_id":"RHSA-2026:20406","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20406"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57219?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.0.0-RC1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1a1b-3pdg-jbfq"},{"vulnerability":"VCID-2kjh-4r2g-rqe6"},{"vulnerability":"VCID-3txt-1psa-5kf5"},{"vulnerability":"VCID-4qcn-52ug-mbd5"},{"vulnerability":"VCID-6uuq-2a39-yubx"},{"vulnerability":"VCID-937w-2w2q-7fdy"},{"vulnerability":"VCID-cugj-j48z-jub5"},{"vulnerability":"VCID-fqyx-8pgs-uqgg"},{"vulnerability":"VCID-nnye-4xbb-kuf5"},{"vulnerability":"VCID-pq53-6deg-abfx"},{"vulnerability":"VCID-sk1w-8yt4-93cv"},{"vulnerability":"VCID-xjj5-fy4e-e7ha"},{"vulnerability":"VCID-xra9-q91u-rfd5"},{"vulnerability":"VCID-y9hs-ymcm-3ucx"},{"vulnerability":"VCID-yusx-ncpv-sfhg"},{"vulnerability":"VCID-zrc5-bf77-aygn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.0.0-RC1"},{"url":"http://public2.vulnerablecode.io/api/packages/57776?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.0.M1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18rb-u2tu-affk"},{"vulnerability":"VCID-1kgu-zupu-tydw"},{"vulnerability":"VCID-2mj1-8nz1-43cd"},{"vulnerability":"VCID-3nsr-9s9y-ckft"},{"vulnerability":"VCID-3tme-zh53-7ubx"},{"vulnerability":"VCID-4nx6-t8vd-bqcu"},{"vulnerability":"VCID-4uag-c2s8-ubcd"},{"vulnerability":"VCID-59dd-qzpt-aucm"},{"vulnerability":"VCID-5ebw-zerz-u7bh"},{"vulnerability":"VCID-5m85-3zyu-7qak"},{"vulnerability":"VCID-5udv-rheh-kqfy"},{"vulnerability":"VCID-5ztb-ns6b-fuf9"},{"vulnerability":"VCID-6kdt-2q2t-aqgy"},{"vulnerability":"VCID-6umz-z8db-kqcy"},{"vulnerability":"VCID-71mw-xrnv-9kec"},{"vulnerability":"VCID-7fh9-36qs-jfg5"},{"vulnerability":"VCID-84a8-y1hg-vuep"},{"vulnerability":"VCID-9e2b-7qtg-tbaj"},{"vulnerability":"VCID-9gz4-7etq-pyba"},{"vulnerability":"VCID-ac8p-uerd-ubfj"},{"vulnerability":"VCID-axzz-cadr-b7fv"},{"vulnerability":"VCID-bxwn-g8gu-kkbn"},{"vulnerability":"VCID-ct4z-hxx3-53bw"},{"vulnerability":"VCID-cugj-j48z-jub5"},{"vulnerability":"VCID-d8re-94xd-nycp"},{"vulnerability":"VCID-dast-z2hv-2yfe"},{"vulnerability":"VCID-dk58-p9py-rka9"},{"vulnerability":"VCID-dxkq-jhq6-qbad"},{"vulnerability":"VCID-e2gy-1c6a-6fdf"},{"vulnerability":"VCID-em96-kd99-3kf8"},{"vulnerability":"VCID-essq-6syu-6ygm"},{"vulnerability":"VCID-fukm-h3r6-s7cr"},{"vulnerability":"VCID-g3vd-74yh-s7bn"},{"vulnerability":"VCID-gmjm-6ck2-skgu"},{"vulnerability":"VCID-gqtv-jvn4-eqe5"},{"vulnerability":"VCID-gw94-yyjd-17er"},{"vulnerability":"VCID-hf8e-m14m-mbcx"},{"vulnerability":"VCID-hqzu-shyu-j3hp"},{"vulnerability":"VCID-hy8s-ks53-u3aq"},{"vulnerability":"VCID-j1m6-79yt-f7h5"},{"vulnerability":"VCID-j7w8-ean1-33b8"},{"vulnerability":"VCID-jbh7-zmq6-bfgs"},{"vulnerability":"VCID-jhm9-cqu3-7yce"},{"vulnerability":"VCID-jzta-navk-87bn"},{"vulnerability":"VCID-kqng-d1f2-myg5"},{"vulnerability":"VCID-m7ja-6efp-tyh1"},{"vulnerability":"VCID-n4zk-mdyw-3fcz"},{"vulnerability":"VCID-nxb3-55eu-auhp"},{"vulnerability":"VCID-pmav-cxu6-1ua9"},{"vulnerability":"VCID-q7g1-m4e7-pya4"},{"vulnerability":"VCID-qjqr-axrq-xkcf"},{"vulnerability":"VCID-qth9-7326-hffp"},{"vulnerability":"VCID-qthw-u9bp-zkdp"},{"vulnerability":"VCID-rbvh-4npk-nub9"},{"vulnerability":"VCID-rhtz-91ke-kfbj"},{"vulnerability":"VCID-rk89-9dw5-w3gg"},{"vulnerability":"VCID-rtmv-qetu-yqfa"},{"vulnerability":"VCID-s37s-p75k-27e6"},{"vulnerability":"VCID-s5kh-nebr-tba9"},{"vulnerability":"VCID-se44-f85s-xyex"},{"vulnerability":"VCID-tcmv-6ftg-fqen"},{"vulnerability":"VCID-u95s-xhwk-vka6"},{"vulnerability":"VCID-ud36-sb2d-8ych"},{"vulnerability":"VCID-ujxe-ggfj-k3bh"},{"vulnerability":"VCID-urhs-6aus-syb1"},{"vulnerability":"VCID-vhbh-3a89-x7cw"},{"vulnerability":"VCID-vu84-dfwa-z3dg"},{"vulnerability":"VCID-w9nk-wv5n-2kg9"},{"vulnerability":"VCID-webw-gryb-7ucv"},{"vulnerability":"VCID-wmb3-3j7y-due7"},{"vulnerability":"VCID-wyf8-8szf-qbfn"},{"vulnerability":"VCID-xa95-zsnk-3kg9"},{"vulnerability":"VCID-xns8-63b5-guf2"},{"vulnerability":"VCID-xra9-q91u-rfd5"},{"vulnerability":"VCID-xtdv-ygus-xuds"},{"vulnerability":"VCID-y9hs-ymcm-3ucx"},{"vulnerability":"VCID-z4zd-puyg-g3bz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0.M1"},{"url":"http://public2.vulnerablecode.io/api/packages/86789?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.116","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qsf-yxnk-fqhy"},{"vulnerability":"VCID-2s6w-bbfa-afb8"},{"vulnerability":"VCID-5tsf-py3f-skd9"},{"vulnerability":"VCID-nqgv-hbwa-d3en"},{"vulnerability":"VCID-z8df-aq4y-ubet"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.116"},{"url":"http://public2.vulnerablecode.io/api/packages/86783?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.117","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ym4-frda-dbbe"},{"vulnerability":"VCID-84a8-y1hg-vuep"},{"vulnerability":"VCID-j7w8-ean1-33b8"},{"vulnerability":"VCID-qjqr-axrq-xkcf"},{"vulnerability":"VCID-ud36-sb2d-8ych"},{"vulnerability":"VCID-w9nk-wv5n-2kg9"},{"vulnerability":"VCID-xtdv-ygus-xuds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.117"},{"url":"http://public2.vulnerablecode.io/api/packages/86659?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.53","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qsf-yxnk-fqhy"},{"vulnerability":"VCID-2s6w-bbfa-afb8"},{"vulnerability":"VCID-5tsf-py3f-skd9"},{"vulnerability":"VCID-nqgv-hbwa-d3en"},{"vulnerability":"VCID-z8df-aq4y-ubet"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.53"},{"url":"http://public2.vulnerablecode.io/api/packages/86654?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.54","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ym4-frda-dbbe"},{"vulnerability":"VCID-84a8-y1hg-vuep"},{"vulnerability":"VCID-j7w8-ean1-33b8"},{"vulnerability":"VCID-qjqr-axrq-xkcf"},{"vulnerability":"VCID-ud36-sb2d-8ych"},{"vulnerability":"VCID-w9nk-wv5n-2kg9"},{"vulnerability":"VCID-xtdv-ygus-xuds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.54"},{"url":"http://public2.vulnerablecode.io/api/packages/86594?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qsf-yxnk-fqhy"},{"vulnerability":"VCID-2s6w-bbfa-afb8"},{"vulnerability":"VCID-5tsf-py3f-skd9"},{"vulnerability":"VCID-nqgv-hbwa-d3en"},{"vulnerability":"VCID-z8df-aq4y-ubet"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.20"},{"url":"http://public2.vulnerablecode.io/api/packages/86589?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ym4-frda-dbbe"},{"vulnerability":"VCID-84a8-y1hg-vuep"},{"vulnerability":"VCID-j7w8-ean1-33b8"},{"vulnerability":"VCID-qjqr-axrq-xkcf"},{"vulnerability":"VCID-ud36-sb2d-8ych"},{"vulnerability":"VCID-w9nk-wv5n-2kg9"},{"vulnerability":"VCID-xtdv-ygus-xuds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.21"}],"aliases":["CVE-2026-29146","GHSA-h468-7pvh-8vr8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1qsf-yxnk-fqhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58187?format=json","vulnerability_id":"VCID-2s6w-bbfa-afb8","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34483.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34483.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34483","reference_id":"","reference_type":"","scores":[{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.21014","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20893","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20891","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20955","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.21","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34483"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/97566842589d0b80de138ca719378861fd017d68","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/97566842589d0b80de138ca719378861fd017d68"},{"reference_url":"https://github.com/apache/tomcat/commit/f22dc2ce6cfda8609ed86816c0d78e1a9cbadb06","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/f22dc2ce6cfda8609ed86816c0d78e1a9cbadb06"},{"reference_url":"https://github.com/apache/tomcat/commit/f9ddc24fcfcdfaea4a6953198d8636aca3e957bc","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/f9ddc24fcfcdfaea4a6953198d8636aca3e957bc"},{"reference_url":"https://lists.apache.org/thread/j1w7304yonlr8vo1tkb5nfs7od1y228b","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:16:32Z/"}],"url":"https://lists.apache.org/thread/j1w7304yonlr8vo1tkb5nfs7od1y228b"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34483","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34483"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/09/26","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/04/09/26"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356","reference_id":"1133356","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357","reference_id":"1133357","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457044","reference_id":"2457044","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457044"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34483","reference_id":"CVE-2026-34483","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34483"},{"reference_url":"https://github.com/advisories/GHSA-rv64-5gf8-9qq8","reference_id":"GHSA-rv64-5gf8-9qq8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rv64-5gf8-9qq8"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20405","reference_id":"RHSA-2026:20405","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20405"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20406","reference_id":"RHSA-2026:20406","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20406"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/86789?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.116","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qsf-yxnk-fqhy"},{"vulnerability":"VCID-2s6w-bbfa-afb8"},{"vulnerability":"VCID-5tsf-py3f-skd9"},{"vulnerability":"VCID-nqgv-hbwa-d3en"},{"vulnerability":"VCID-z8df-aq4y-ubet"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.116"},{"url":"http://public2.vulnerablecode.io/api/packages/86783?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.117","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ym4-frda-dbbe"},{"vulnerability":"VCID-84a8-y1hg-vuep"},{"vulnerability":"VCID-j7w8-ean1-33b8"},{"vulnerability":"VCID-qjqr-axrq-xkcf"},{"vulnerability":"VCID-ud36-sb2d-8ych"},{"vulnerability":"VCID-w9nk-wv5n-2kg9"},{"vulnerability":"VCID-xtdv-ygus-xuds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.117"},{"url":"http://public2.vulnerablecode.io/api/packages/86654?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.54","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ym4-frda-dbbe"},{"vulnerability":"VCID-84a8-y1hg-vuep"},{"vulnerability":"VCID-j7w8-ean1-33b8"},{"vulnerability":"VCID-qjqr-axrq-xkcf"},{"vulnerability":"VCID-ud36-sb2d-8ych"},{"vulnerability":"VCID-w9nk-wv5n-2kg9"},{"vulnerability":"VCID-xtdv-ygus-xuds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.54"},{"url":"http://public2.vulnerablecode.io/api/packages/86589?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ym4-frda-dbbe"},{"vulnerability":"VCID-84a8-y1hg-vuep"},{"vulnerability":"VCID-j7w8-ean1-33b8"},{"vulnerability":"VCID-qjqr-axrq-xkcf"},{"vulnerability":"VCID-ud36-sb2d-8ych"},{"vulnerability":"VCID-w9nk-wv5n-2kg9"},{"vulnerability":"VCID-xtdv-ygus-xuds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.21"}],"aliases":["CVE-2026-34483","GHSA-rv64-5gf8-9qq8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2s6w-bbfa-afb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58189?format=json","vulnerability_id":"VCID-8qk1-ufax-eugz","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29145.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29145.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-29145","reference_id":"","reference_type":"","scores":[{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08602","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08583","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08549","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08597","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08618","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-29145"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/721591f7bff424c693f26adc18ae9b9abac3655b","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/721591f7bff424c693f26adc18ae9b9abac3655b"},{"reference_url":"https://github.com/apache/tomcat/commit/d1406df5ae0326f39f54c3f64ac30d8fca55cd5b","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/d1406df5ae0326f39f54c3f64ac30d8fca55cd5b"},{"reference_url":"https://github.com/apache/tomcat/commit/fe26667cd2385045ac73f4dea086cc9971209b90","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/fe26667cd2385045ac73f4dea086cc9971209b90"},{"reference_url":"https://lists.apache.org/thread/yz5fxmhd2j43wgqykssdo7kltws57jfz","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:10:50Z/"}],"url":"https://lists.apache.org/thread/yz5fxmhd2j43wgqykssdo7kltws57jfz"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29145","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29145"},{"reference_url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53"},{"reference_url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20"},{"reference_url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/09/23","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/04/09/23"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356","reference_id":"1133356","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357","reference_id":"1133357","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457037","reference_id":"2457037","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457037"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29145","reference_id":"CVE-2026-29145","reference_type":"","scores":[{"value":"Moderate","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29145"},{"reference_url":"https://github.com/advisories/GHSA-95jq-rwvf-vjx4","reference_id":"GHSA-95jq-rwvf-vjx4","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-95jq-rwvf-vjx4"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20405","reference_id":"RHSA-2026:20405","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20405"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20406","reference_id":"RHSA-2026:20406","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20406"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/86789?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.116","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qsf-yxnk-fqhy"},{"vulnerability":"VCID-2s6w-bbfa-afb8"},{"vulnerability":"VCID-5tsf-py3f-skd9"},{"vulnerability":"VCID-nqgv-hbwa-d3en"},{"vulnerability":"VCID-z8df-aq4y-ubet"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.116"},{"url":"http://public2.vulnerablecode.io/api/packages/86659?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.53","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qsf-yxnk-fqhy"},{"vulnerability":"VCID-2s6w-bbfa-afb8"},{"vulnerability":"VCID-5tsf-py3f-skd9"},{"vulnerability":"VCID-nqgv-hbwa-d3en"},{"vulnerability":"VCID-z8df-aq4y-ubet"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.53"},{"url":"http://public2.vulnerablecode.io/api/packages/86594?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qsf-yxnk-fqhy"},{"vulnerability":"VCID-2s6w-bbfa-afb8"},{"vulnerability":"VCID-5tsf-py3f-skd9"},{"vulnerability":"VCID-nqgv-hbwa-d3en"},{"vulnerability":"VCID-z8df-aq4y-ubet"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.20"}],"aliases":["CVE-2026-29145","GHSA-95jq-rwvf-vjx4"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8qk1-ufax-eugz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58192?format=json","vulnerability_id":"VCID-cugj-j48z-jub5","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24880.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24880.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24880","reference_id":"","reference_type":"","scores":[{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.38946","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.38906","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.38895","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.38923","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.38951","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24880"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/1b586d6aa8ae65726da5fa8799427b5d4718478a","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/1b586d6aa8ae65726da5fa8799427b5d4718478a"},{"reference_url":"https://github.com/apache/tomcat/commit/1e71441a15972f56e661b0b549fb9e5d838b83bb","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/1e71441a15972f56e661b0b549fb9e5d838b83bb"},{"reference_url":"https://github.com/apache/tomcat/commit/2cb06c34f661ca42f7570bbcc21e99806184bcc5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/2cb06c34f661ca42f7570bbcc21e99806184bcc5"},{"reference_url":"https://github.com/apache/tomcat/commit/6d478dbe18b7c4bb671c30fedf130309b0dab77c","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/6d478dbe18b7c4bb671c30fedf130309b0dab77c"},{"reference_url":"https://github.com/apache/tomcat/commit/f07df938d00f7419b40fa65aa912966d0efac522","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/f07df938d00f7419b40fa65aa912966d0efac522"},{"reference_url":"https://github.com/apache/tomcat/commit/fde1a8235fb73125217bd41e162aa0a113f33552","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/fde1a8235fb73125217bd41e162aa0a113f33552"},{"reference_url":"https://lists.apache.org/thread/2c682qnlg2tv4o5knlggqbl9yc2gb5sn","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:33:19Z/"}],"url":"https://lists.apache.org/thread/2c682qnlg2tv4o5knlggqbl9yc2gb5sn"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24880","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24880"},{"reference_url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53"},{"reference_url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20"},{"reference_url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116"},{"reference_url":"https://www.herodevs.com/vulnerability-directory/cve-2026-24880","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.herodevs.com/vulnerability-directory/cve-2026-24880"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/09/20","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/04/09/20"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356","reference_id":"1133356","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357","reference_id":"1133357","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457040","reference_id":"2457040","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457040"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24880","reference_id":"CVE-2026-24880","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24880"},{"reference_url":"https://github.com/advisories/GHSA-563x-q5rq-57qp","reference_id":"GHSA-563x-q5rq-57qp","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-563x-q5rq-57qp"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20405","reference_id":"RHSA-2026:20405","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20405"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20406","reference_id":"RHSA-2026:20406","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20406"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/86789?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.116","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qsf-yxnk-fqhy"},{"vulnerability":"VCID-2s6w-bbfa-afb8"},{"vulnerability":"VCID-5tsf-py3f-skd9"},{"vulnerability":"VCID-nqgv-hbwa-d3en"},{"vulnerability":"VCID-z8df-aq4y-ubet"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.116"},{"url":"http://public2.vulnerablecode.io/api/packages/74089?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.52","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qsf-yxnk-fqhy"},{"vulnerability":"VCID-2s6w-bbfa-afb8"},{"vulnerability":"VCID-8qk1-ufax-eugz"},{"vulnerability":"VCID-cugj-j48z-jub5"},{"vulnerability":"VCID-gw94-yyjd-17er"},{"vulnerability":"VCID-j493-xan3-myfm"},{"vulnerability":"VCID-nqgv-hbwa-d3en"},{"vulnerability":"VCID-nsp7-e9m6-juhv"},{"vulnerability":"VCID-s5kh-nebr-tba9"},{"vulnerability":"VCID-z8df-aq4y-ubet"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.52"},{"url":"http://public2.vulnerablecode.io/api/packages/86659?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.53","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qsf-yxnk-fqhy"},{"vulnerability":"VCID-2s6w-bbfa-afb8"},{"vulnerability":"VCID-5tsf-py3f-skd9"},{"vulnerability":"VCID-nqgv-hbwa-d3en"},{"vulnerability":"VCID-z8df-aq4y-ubet"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.53"},{"url":"http://public2.vulnerablecode.io/api/packages/86594?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qsf-yxnk-fqhy"},{"vulnerability":"VCID-2s6w-bbfa-afb8"},{"vulnerability":"VCID-5tsf-py3f-skd9"},{"vulnerability":"VCID-nqgv-hbwa-d3en"},{"vulnerability":"VCID-z8df-aq4y-ubet"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.20"}],"aliases":["CVE-2026-24880","GHSA-563x-q5rq-57qp"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cugj-j48z-jub5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58191?format=json","vulnerability_id":"VCID-gw94-yyjd-17er","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25854.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25854.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25854","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.1023","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10165","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10128","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10215","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10251","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25854"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/4c5d306001b780c9316aea5ff6502c524fb20695","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/4c5d306001b780c9316aea5ff6502c524fb20695"},{"reference_url":"https://github.com/apache/tomcat/commit/5fb910f9a9dafa37a0c0965a1bd62a21dcf437f2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/5fb910f9a9dafa37a0c0965a1bd62a21dcf437f2"},{"reference_url":"https://github.com/apache/tomcat/commit/c5a45ae68d07f7a07be2a875e5b6772d66c4e5d0","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/c5a45ae68d07f7a07be2a875e5b6772d66c4e5d0"},{"reference_url":"https://lists.apache.org/thread/ghct3b6o74bp2vm7q875s1zh0dqrz3h0","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:21:57Z/"}],"url":"https://lists.apache.org/thread/ghct3b6o74bp2vm7q875s1zh0dqrz3h0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25854","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25854"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/09/21","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/04/09/21"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356","reference_id":"1133356","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357","reference_id":"1133357","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457039","reference_id":"2457039","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25854","reference_id":"CVE-2026-25854","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25854"},{"reference_url":"https://github.com/advisories/GHSA-9m3c-qcxr-9x87","reference_id":"GHSA-9m3c-qcxr-9x87","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9m3c-qcxr-9x87"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20405","reference_id":"RHSA-2026:20405","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20405"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20406","reference_id":"RHSA-2026:20406","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20406"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/86789?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.116","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qsf-yxnk-fqhy"},{"vulnerability":"VCID-2s6w-bbfa-afb8"},{"vulnerability":"VCID-5tsf-py3f-skd9"},{"vulnerability":"VCID-nqgv-hbwa-d3en"},{"vulnerability":"VCID-z8df-aq4y-ubet"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.116"},{"url":"http://public2.vulnerablecode.io/api/packages/86659?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.53","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qsf-yxnk-fqhy"},{"vulnerability":"VCID-2s6w-bbfa-afb8"},{"vulnerability":"VCID-5tsf-py3f-skd9"},{"vulnerability":"VCID-nqgv-hbwa-d3en"},{"vulnerability":"VCID-z8df-aq4y-ubet"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.53"},{"url":"http://public2.vulnerablecode.io/api/packages/86594?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qsf-yxnk-fqhy"},{"vulnerability":"VCID-2s6w-bbfa-afb8"},{"vulnerability":"VCID-5tsf-py3f-skd9"},{"vulnerability":"VCID-nqgv-hbwa-d3en"},{"vulnerability":"VCID-z8df-aq4y-ubet"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.20"}],"aliases":["CVE-2026-25854","GHSA-9m3c-qcxr-9x87"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gw94-yyjd-17er"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58190?format=json","vulnerability_id":"VCID-j493-xan3-myfm","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29129.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29129.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-29129","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10136","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.1007","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10037","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10123","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10154","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-29129"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/5cfa876d73f1ff5f4dc8309c4320f684cbeff74e","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/5cfa876d73f1ff5f4dc8309c4320f684cbeff74e"},{"reference_url":"https://github.com/apache/tomcat/commit/6db238562ec36ab1106db4d04843f8b33e7a0c06","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/6db238562ec36ab1106db4d04843f8b33e7a0c06"},{"reference_url":"https://github.com/apache/tomcat/commit/8d69b33764dba81dce89e3a768de6093a35620ae","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/8d69b33764dba81dce89e3a768de6093a35620ae"},{"reference_url":"https://lists.apache.org/thread/r4h1t6f8xhxsxfm6c2z5cprolsosho3f","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:05:39Z/"}],"url":"https://lists.apache.org/thread/r4h1t6f8xhxsxfm6c2z5cprolsosho3f"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29129","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29129"},{"reference_url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53"},{"reference_url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20"},{"reference_url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/09/22","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/04/09/22"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356","reference_id":"1133356","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357","reference_id":"1133357","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457031","reference_id":"2457031","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29129","reference_id":"CVE-2026-29129","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29129"},{"reference_url":"https://github.com/advisories/GHSA-69cc-cv78-qc8g","reference_id":"GHSA-69cc-cv78-qc8g","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-69cc-cv78-qc8g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/86789?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.116","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qsf-yxnk-fqhy"},{"vulnerability":"VCID-2s6w-bbfa-afb8"},{"vulnerability":"VCID-5tsf-py3f-skd9"},{"vulnerability":"VCID-nqgv-hbwa-d3en"},{"vulnerability":"VCID-z8df-aq4y-ubet"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.116"},{"url":"http://public2.vulnerablecode.io/api/packages/86659?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.53","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qsf-yxnk-fqhy"},{"vulnerability":"VCID-2s6w-bbfa-afb8"},{"vulnerability":"VCID-5tsf-py3f-skd9"},{"vulnerability":"VCID-nqgv-hbwa-d3en"},{"vulnerability":"VCID-z8df-aq4y-ubet"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.53"},{"url":"http://public2.vulnerablecode.io/api/packages/86594?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qsf-yxnk-fqhy"},{"vulnerability":"VCID-2s6w-bbfa-afb8"},{"vulnerability":"VCID-5tsf-py3f-skd9"},{"vulnerability":"VCID-nqgv-hbwa-d3en"},{"vulnerability":"VCID-z8df-aq4y-ubet"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.20"}],"aliases":["CVE-2026-29129","GHSA-69cc-cv78-qc8g"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j493-xan3-myfm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58188?format=json","vulnerability_id":"VCID-nsp7-e9m6-juhv","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32990.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32990.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32990","reference_id":"","reference_type":"","scores":[{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43213","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43176","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43165","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.432","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43222","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32990"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/021d1f833e38b683a44688f7b28f1f27e8e37c36","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/021d1f833e38b683a44688f7b28f1f27e8e37c36"},{"reference_url":"https://github.com/apache/tomcat/commit/4d0615a5c718c260d6d4e0b944a050f09a490c02","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/4d0615a5c718c260d6d4e0b944a050f09a490c02"},{"reference_url":"https://github.com/apache/tomcat/commit/95f7778248cac46d03e6af04de9c72a598be3a53","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/95f7778248cac46d03e6af04de9c72a598be3a53"},{"reference_url":"https://lists.apache.org/thread/1nl9zqft0ksqlhlkd3j4obyjz1ghoyn7","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:38:40Z/"}],"url":"https://lists.apache.org/thread/1nl9zqft0ksqlhlkd3j4obyjz1ghoyn7"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32990","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32990"},{"reference_url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53"},{"reference_url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20"},{"reference_url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116"},{"reference_url":"https://www.herodevs.com/vulnerability-directory/cve-2026-32990","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.herodevs.com/vulnerability-directory/cve-2026-32990"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356","reference_id":"1133356","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357","reference_id":"1133357","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457025","reference_id":"2457025","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457025"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32990","reference_id":"CVE-2026-32990","reference_type":"","scores":[{"value":"Moderate","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32990"},{"reference_url":"https://github.com/advisories/GHSA-8mc5-53m5-3qj2","reference_id":"GHSA-8mc5-53m5-3qj2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8mc5-53m5-3qj2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12194","reference_id":"RHSA-2026:12194","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12194"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12195","reference_id":"RHSA-2026:12195","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12195"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/86789?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.116","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qsf-yxnk-fqhy"},{"vulnerability":"VCID-2s6w-bbfa-afb8"},{"vulnerability":"VCID-5tsf-py3f-skd9"},{"vulnerability":"VCID-nqgv-hbwa-d3en"},{"vulnerability":"VCID-z8df-aq4y-ubet"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.116"},{"url":"http://public2.vulnerablecode.io/api/packages/86659?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.53","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qsf-yxnk-fqhy"},{"vulnerability":"VCID-2s6w-bbfa-afb8"},{"vulnerability":"VCID-5tsf-py3f-skd9"},{"vulnerability":"VCID-nqgv-hbwa-d3en"},{"vulnerability":"VCID-z8df-aq4y-ubet"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.53"},{"url":"http://public2.vulnerablecode.io/api/packages/86594?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qsf-yxnk-fqhy"},{"vulnerability":"VCID-2s6w-bbfa-afb8"},{"vulnerability":"VCID-5tsf-py3f-skd9"},{"vulnerability":"VCID-nqgv-hbwa-d3en"},{"vulnerability":"VCID-z8df-aq4y-ubet"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.20"}],"aliases":["CVE-2026-32990","GHSA-8mc5-53m5-3qj2"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nsp7-e9m6-juhv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50141?format=json","vulnerability_id":"VCID-s5kh-nebr-tba9","summary":"Apache Tomcat - Client certificate verification bypass\nImproper Input Validation vulnerability.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112.\n\nThe following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Older EOL versions are not affected. Tomcat did not validate that the host name provided via the SNI extension was the same as the host name provided in the HTTP host header field. If Tomcat was configured with more than one virtual host and the TLS configuration for one of those hosts did not require client certificate authentication but another one did, it was possible for a client to bypass the client certificate authentication by sending different host names in the SNI extension and the HTTP host header field.\n\nThe vulnerability only applies if client certificate authentication is only enforced at the Connector. It does not apply if client certificate authentication is enforced at the web application.\n\nUsers are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fix the issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66614.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66614.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66614","reference_id":"","reference_type":"","scores":[{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16412","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16411","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16304","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16367","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16285","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66614"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/021d1f833e38b683a44688f7b28f1f27e8e37c36","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/021d1f833e38b683a44688f7b28f1f27e8e37c36"},{"reference_url":"https://github.com/apache/tomcat/commit/152c14885d45f5e0a8b59bd9f93c289cfe20ce30","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/152c14885d45f5e0a8b59bd9f93c289cfe20ce30"},{"reference_url":"https://github.com/apache/tomcat/commit/258a591b61f8cf5c22109e21e5a2a38b63454fd2","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/258a591b61f8cf5c22109e21e5a2a38b63454fd2"},{"reference_url":"https://github.com/apache/tomcat/commit/4d0615a5c718c260d6d4e0b944a050f09a490c02","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/4d0615a5c718c260d6d4e0b944a050f09a490c02"},{"reference_url":"https://github.com/apache/tomcat/commit/5053fa82a1b2b52756810601227984a8b71888a4","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/5053fa82a1b2b52756810601227984a8b71888a4"},{"reference_url":"https://github.com/apache/tomcat/commit/9276b5e783c8cd5b3fe2bb716306b65004bdd940","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/9276b5e783c8cd5b3fe2bb716306b65004bdd940"},{"reference_url":"https://github.com/apache/tomcat/commit/95f7778248cac46d03e6af04de9c72a598be3a53","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/95f7778248cac46d03e6af04de9c72a598be3a53"},{"reference_url":"https://github.com/apache/tomcat/commit/972f9a5e2a07674d92610c478aac1b205d60724e","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/972f9a5e2a07674d92610c478aac1b205d60724e"},{"reference_url":"https://github.com/apache/tomcat/commit/a4aa74232e826028cd2f7ba0445caf8a8b52c509","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/a4aa74232e826028cd2f7ba0445caf8a8b52c509"},{"reference_url":"https://lists.apache.org/thread/vw6lxtlh2qbqwpb61wd3sv1flm2nttw7","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-21T21:17:26Z/"}],"url":"https://lists.apache.org/thread/vw6lxtlh2qbqwpb61wd3sv1flm2nttw7"},{"reference_url":"https://tomcat.apache.org/security-10.html","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html"},{"reference_url":"https://tomcat.apache.org/security-11.html","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html"},{"reference_url":"https://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440430","reference_id":"2440430","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440430"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66614","reference_id":"CVE-2025-66614","reference_type":"","scores":[{"value":"Moderate","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66614"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-66614","reference_id":"CVE-2025-66614","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-66614"},{"reference_url":"https://github.com/advisories/GHSA-fpj8-gq4v-p354","reference_id":"GHSA-fpj8-gq4v-p354","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fpj8-gq4v-p354"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12194","reference_id":"RHSA-2026:12194","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12194"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12195","reference_id":"RHSA-2026:12195","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12195"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6569","reference_id":"RHSA-2026:6569","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6569"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8334","reference_id":"RHSA-2026:8334","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8334"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74052?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.113","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qsf-yxnk-fqhy"},{"vulnerability":"VCID-2s6w-bbfa-afb8"},{"vulnerability":"VCID-8qk1-ufax-eugz"},{"vulnerability":"VCID-cugj-j48z-jub5"},{"vulnerability":"VCID-gw94-yyjd-17er"},{"vulnerability":"VCID-nqgv-hbwa-d3en"},{"vulnerability":"VCID-nsp7-e9m6-juhv"},{"vulnerability":"VCID-s5kh-nebr-tba9"},{"vulnerability":"VCID-s93z-rmw7-5bcw"},{"vulnerability":"VCID-z8df-aq4y-ubet"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.113"},{"url":"http://public2.vulnerablecode.io/api/packages/86789?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.116","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qsf-yxnk-fqhy"},{"vulnerability":"VCID-2s6w-bbfa-afb8"},{"vulnerability":"VCID-5tsf-py3f-skd9"},{"vulnerability":"VCID-nqgv-hbwa-d3en"},{"vulnerability":"VCID-z8df-aq4y-ubet"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.116"},{"url":"http://public2.vulnerablecode.io/api/packages/74051?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.50","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qsf-yxnk-fqhy"},{"vulnerability":"VCID-2s6w-bbfa-afb8"},{"vulnerability":"VCID-8qk1-ufax-eugz"},{"vulnerability":"VCID-cugj-j48z-jub5"},{"vulnerability":"VCID-gw94-yyjd-17er"},{"vulnerability":"VCID-nqgv-hbwa-d3en"},{"vulnerability":"VCID-nsp7-e9m6-juhv"},{"vulnerability":"VCID-s5kh-nebr-tba9"},{"vulnerability":"VCID-s93z-rmw7-5bcw"},{"vulnerability":"VCID-z8df-aq4y-ubet"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.50"},{"url":"http://public2.vulnerablecode.io/api/packages/86659?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.53","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qsf-yxnk-fqhy"},{"vulnerability":"VCID-2s6w-bbfa-afb8"},{"vulnerability":"VCID-5tsf-py3f-skd9"},{"vulnerability":"VCID-nqgv-hbwa-d3en"},{"vulnerability":"VCID-z8df-aq4y-ubet"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.53"},{"url":"http://public2.vulnerablecode.io/api/packages/74050?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qsf-yxnk-fqhy"},{"vulnerability":"VCID-2s6w-bbfa-afb8"},{"vulnerability":"VCID-8qk1-ufax-eugz"},{"vulnerability":"VCID-cugj-j48z-jub5"},{"vulnerability":"VCID-gw94-yyjd-17er"},{"vulnerability":"VCID-nqgv-hbwa-d3en"},{"vulnerability":"VCID-nsp7-e9m6-juhv"},{"vulnerability":"VCID-s5kh-nebr-tba9"},{"vulnerability":"VCID-s93z-rmw7-5bcw"},{"vulnerability":"VCID-z8df-aq4y-ubet"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.15"},{"url":"http://public2.vulnerablecode.io/api/packages/86594?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qsf-yxnk-fqhy"},{"vulnerability":"VCID-2s6w-bbfa-afb8"},{"vulnerability":"VCID-5tsf-py3f-skd9"},{"vulnerability":"VCID-nqgv-hbwa-d3en"},{"vulnerability":"VCID-z8df-aq4y-ubet"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.20"}],"aliases":["CVE-2025-66614","GHSA-fpj8-gq4v-p354"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s5kh-nebr-tba9"}],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.116"}